Protecting your company from cyber attacks

Some proactive measures you can take to protect yourself from cyber attack include:

  1. Review the Essential Eight here https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model to work towards improving your cyber security profile.
  2. Create a separate email address for different categories of online activity such as banking, investments, government agencies, shopping, discussion groups, newsletters etc. If you need to, you can then change your email address for a subset of online activities without disrupting everything you use online. Only share your primary email address with people you know well.
  3. Hover over links in emails or on websites to check the address each link will take you to, and make sure it is a legitimate address.
  4. Use strong and complex passwords that are different for each login that you have and don’t share your login credentials with anyone. Even better, instead of a password switch to a passphrase that is made up of at least four words and at least 14 characters, for example ‘IWant0Attacks!’. Make it meaningful to you but hard for others to guess.
  5. Don’t save/remember your login credentials in your browser; type them in every time. This may not be very practical so, at the very least, make sure you have a good passphrase or biometrics to unlock your desktop / phone and that the screen lock on all your devices is set to turn on after a short period of inactivity.
  6. Enable two or multi factor authentication on at least your email and banking accounts.
  7. Set country-limiting policies for Office 365 and your firewall so that access is allowed only from countries that require it. If limiting to Australia only, for example, you will immediately curtail 99% of attacks which come from overseas.
  8. If you use social media, adjust your privacy settings to control the amount and type of information you share.
  9. Regularly monitor your accounts for signs of compromise including your email’s sent, junk and deleted items folders (and desktop bin).
  10. Back your data up to more than one source – another hard drive that is password protected or the cloud.
  11. Be careful when signing up to mailing lists as cybercriminals sometimes use the unsubscribe button to validate addresses.
  12. Only make online purchases from companies that have a clear privacy policy and secure payment options. Use PayPal where possible rather than entering your credit card credentials online directly. This means your credit card information is not passing across the internet. PayPal also has its own security checking systems and often offers a warranty or can provide refunds where the purchase is faulty or fake.
  13. Think before you fill out online forms and be careful with whom and how you share your information. Ask yourself, do I really need to give my information to this site?
  14. Keep a record of what information you have given to whom.
  15. Get all your staff to check how cyber savvy they are by taking a phishing test: ACSC Phishing Test